Skip to content

[PROPOSAL] Add Context-Aware Functions for Apache Polaris #1620

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

[PROPOSAL] Add Context-Aware Functions for Apache Polaris #1620

wants to merge 3 commits into from
+174 −18

Conversation

singhpk234
Copy link
Contributor

@singhpk234 singhpk234 commented May 19, 2025
edited
Loading

About the change

I’d like to propose adding context-aware functions to Apache Polaris so that view definitions can resolve security context on the Polaris side (aka catalog end without depending on engines).

Proposed functions

is_principal('<principal_name>') – returns TRUE if the authenticated principal matches <principal_name>, otherwise FALSE.

is_principal_role('<principal_role_name>') – returns TRUE when <principal_role_name> appears in the principal’s role set.

is_catalog_role('<catalog_role_name>') – analogous check at the catalog-role level.

Why it matters

These predicates make views dynamic. Example:

CREATE VIEW dynamic_vw AS
SELECT *
FROM ns1.layer1_table
WHERE is_principal_role('ANALYST');

When a user whose one of principal roles include ANALYST calls LOAD VIEW, Polaris rewrites the view to

SELECT * FROM ns1.layer1_table WHERE TRUE;

For everyone else the view becomes

SELECT * FROM ns1.layer1_table WHERE FALSE;

The result is better and consistent control of the identity resolution without relying on the engine side changes and giving Polaris more authority in enforcing things.
Note the same can be extrapolated to any Polaris stored entity.

Proof of concept

I’ve put together a quick POC branch:
here ^^^

Prior art

Snowflake context functions : https://docs.snowflake.com/en/sql-reference/functions-context
Databricks Unity Catalog offers a similar mechanism called dynamic views:
https://docs.databricks.com/aws/en/views/dynamic

Next steps

If the community is interested, we can discuss API surface, engine implications, and a roadmap for merging.

@github-project-automation github-project-automation bot moved this to PRs In Progress in Basic Kanban Board May 19, 2025
@singhpk234 singhpk234 closed this May 29, 2025
@singhpk234 singhpk234 reopened this May 29, 2025
@github-project-automation github-project-automation bot moved this from PRs In Progress to Done in Basic Kanban Board May 29, 2025
@github-project-automation github-project-automation bot moved this from Done to PRs In Progress in Basic Kanban Board May 29, 2025
@singhpk234 singhpk234 closed this May 29, 2025
@github-project-automation github-project-automation bot moved this from PRs In Progress to Done in Basic Kanban Board May 29, 2025
@singhpk234 singhpk234 reopened this May 29, 2025
@github-project-automation github-project-automation bot moved this from Done to PRs In Progress in Basic Kanban Board May 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adutra adutra Awaiting requested review from adutra adutra will be requested when the pull request is marked ready for review adutra is a code owner

@ashvina ashvina Awaiting requested review from ashvina ashvina will be requested when the pull request is marked ready for review ashvina is a code owner

@dennishuo dennishuo Awaiting requested review from dennishuo dennishuo will be requested when the pull request is marked ready for review dennishuo is a code owner

@dimas-b dimas-b Awaiting requested review from dimas-b dimas-b will be requested when the pull request is marked ready for review dimas-b is a code owner

@eric-maynard eric-maynard Awaiting requested review from eric-maynard eric-maynard will be requested when the pull request is marked ready for review eric-maynard is a code owner

@jackye1995 jackye1995 Awaiting requested review from jackye1995 jackye1995 will be requested when the pull request is marked ready for review jackye1995 is a code owner

@jbonofre jbonofre Awaiting requested review from jbonofre jbonofre will be requested when the pull request is marked ready for review jbonofre is a code owner

@vvcephei vvcephei Awaiting requested review from vvcephei vvcephei will be requested when the pull request is marked ready for review vvcephei is a code owner

@collado-mike collado-mike Awaiting requested review from collado-mike collado-mike will be requested when the pull request is marked ready for review collado-mike is a code owner

@snazy snazy Awaiting requested review from snazy snazy will be requested when the pull request is marked ready for review snazy is a code owner

@RussellSpitzer RussellSpitzer Awaiting requested review from RussellSpitzer RussellSpitzer will be requested when the pull request is marked ready for review RussellSpitzer is a code owner

@takidau takidau Awaiting requested review from takidau takidau will be requested when the pull request is marked ready for review takidau is a code owner

@MonkeyCanCode MonkeyCanCode Awaiting requested review from MonkeyCanCode MonkeyCanCode will be requested when the pull request is marked ready for review MonkeyCanCode is a code owner

@flyrain flyrain Awaiting requested review from flyrain flyrain will be requested when the pull request is marked ready for review flyrain is a code owner

@ebyhr ebyhr Awaiting requested review from ebyhr ebyhr will be requested when the pull request is marked ready for review ebyhr is a code owner

@ajantha-bhat ajantha-bhat Awaiting requested review from ajantha-bhat ajantha-bhat will be requested when the pull request is marked ready for review ajantha-bhat is a code owner

@HonahX HonahX Awaiting requested review from HonahX HonahX will be requested when the pull request is marked ready for review HonahX is a code owner

@pingtimeout pingtimeout Awaiting requested review from pingtimeout pingtimeout will be requested when the pull request is marked ready for review pingtimeout is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@singhpk234